ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ab17e2695b
TenantAtlas/specs/127-rbac-inventory-backup/quickstart.md
Ahmed Darrazi ab17e2695b feat: add Intune RBAC inventory and backup support
2026-03-09 11:39:36 +01:00

2.8 KiB
Raw Blame History

Quickstart — Intune RBAC Inventory & Backup v1 (127)

Prerequisites

  • Docker running
  • Laravel Sail available at vendor/bin/sail
  • Existing test database available through Sail

Local setup

  • Start containers:

    • vendor/bin/sail up -d

  • Install dependencies if needed:

    • vendor/bin/sail composer install
    • vendor/bin/sail npm install

Implementation checkpoints

  1. Extend foundation metadata and Graph contracts for:
    • intuneRoleDefinition
    • intuneRoleAssignment
  2. Add RBAC normalizers and register them in AppServiceProvider.
  3. Wire permission-warning handling for missing DeviceManagementRBAC.Read.All.
  4. Verify inventory, backup, and restore preview surfaces treat both types as foundations and preview-only.

Format

  • Run formatting before final review:
    • vendor/bin/sail bin pint --dirty --format agent

Focused tests

Run the smallest relevant sets first:

  • Inventory sync and coverage:

    • vendor/bin/sail artisan test --compact tests/Feature/Inventory/InventorySyncServiceTest.php
    • vendor/bin/sail artisan test --compact tests/Feature/Filament/InventoryCoverageTableTest.php

  • Foundation backup capture and preview-only behavior:

    • vendor/bin/sail artisan test --compact tests/Feature/FoundationBackupTest.php
    • vendor/bin/sail artisan test --compact tests/Feature/Filament/RestoreExecutionTest.php
    • vendor/bin/sail artisan test --compact tests/Feature/RestoreUnknownPolicyTypeSafetyTest.php

  • Graph contract and snapshot helpers:

    • vendor/bin/sail artisan test --compact tests/Unit/GraphContractRegistryTest.php
    • vendor/bin/sail artisan test --compact tests/Unit/FoundationSnapshotServiceTest.php

  • RBAC permission and verification surfaces:

    • vendor/bin/sail artisan test --compact tests/Feature/Verification
    • vendor/bin/sail artisan test --compact tests/Unit/RbacOnboardingServiceTest.php

If dedicated spec-127 tests are added, run those file paths directly.

Manual verification checklist

  • As a tenant member with inventory capability:

    • run inventory sync with foundations enabled
    • confirm intuneRoleDefinition and intuneRoleAssignment appear in coverage under RBAC

  • As a tenant member with backup visibility:

    • create a backup set with foundations enabled
    • confirm RBAC foundation items appear as backup items with readable display names

  • In backup or restore preview detail:

    • confirm both RBAC foundation types show preview-only
    • confirm no execute-restore action is available for them

  • With missing DeviceManagementRBAC.Read.All:

    • run verification or inventory sync
    • confirm the result surfaces a clear RBAC permission warning or reason instead of an opaque failure

  • As a non-member:

    • attempt direct access to tenant-scoped RBAC coverage or backup/version views
    • confirm the response is 404